Vulnerability in OMFLOW Allowing Remote Attackers to Gain Control of Server
CVE-2024-8779

8.8HIGH

Key Information:

Vendor: The Syscom Group
Status: Omflow
Vendor: CVE Published:; 16 September 2024

🔔 Create The Syscom Group Vulnerability Alert

What is CVE-2024-8779?

OMFLOW, a product of The SYSCOM Group, contains a significant security vulnerability that permits unauthorized remote access to modify essential system settings. Attackers with standard user privileges can manipulate configuration settings or establish new user accounts, including those with administrative rights. This flaw poses considerable risks to the integrity of server management and overall security, allowing potential takeovers by malicious actors.

Affected Version(s)

OMFLOW 1.1.6.0 <= 1.2.1.2

References

https://www.twcert.org.tw/tw/cp-132-8075-a0d06-1.html

third-party-advisory

https://www.twcert.org.tw/en/cp-139-8076-6ade0-2.html

third-party-advisory

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 16, 2024
Vulnerability Reserved
Sep 13, 2024